GFI LanGuard - Security flaws "Meltdown" and "Spectre" affecting CPU

Author:
Luis Fernandes
November 30, 2018 04:22

Answer

Two major flaws, or bugs, have been exposed, named "Meltdown" and "Spectre".

Meltdown: Aptly named, as it is able to 'melt security boundaries', making it feasible for applications to interfere with each other's data. A hacker could potentially exploit this in order to see, and even modify, an application's data. Meltdown affects Intel processors.

Spectre: A vulnerability whereby an application can be 'tricked' into executing a different set of instructions to those it normally would, which could allow application information to be accessed. Spectre affects Intel, AMD and ARM processors.

GFI LanGuard requires updates from Microsoft in order to ensure that our customers stay secure. As soon as Microsoft releases updates, we will push them via LanGuard channels. Microsoft has already made some updates available, but we are waiting for further updates and will push them immediately as soon as they are made available. LanGuard is an ideal product to ensure that our customers stay safe, without our administrators having to worry.

We advise all our customers to follow general security best practices by ensuring that all Operating Systems and software running on them are updated as soon as updates are available.

Patches for Meltdown are already being released by OS providers as follows:-

For customers running Microsoft Windows, Microsoft released a patch for Microsoft Windows 10 to address Meltdown on Thursday January 4, 2018. Updates for Windows 7 and Windows 8 should be available in the next few days.

For customers running Apple macOS, version 10.13.2 is available, which patches the Meltdown vulnerability. Earlier versions of macOS will need to be updated to 10.13.2 to ensure the vulnerability is patched.

Google's latest version of Android contains patches for the Meltdown vulnerability.

Cloud customers can rest assured of GFI's confidence in our use of Amazon Web Services. Amazon have now patched all their computing systems for the Meltdown vulnerability.

Further specific vendor details, such as Red Hat, VMware and the latest status from affected vendors for both Meltdown and Spectre should be checked on these individual vendor websites.